Do's and don'ts of a ransomware attack

The likelihood of a cyber or ransomware attack is only increasing. According to a study conducted by Travelers, the fourth quarter of 2024 saw more ransomware activity than any previous period. The number of ransomware "gangs" increased 67% in 2024 to 55, creating additional risks for businesses.

In the latest Digital Insurance podcast, Dave Cunningham, senior case manager for Alvaka, reviews how the tactics of threat actors have evolved, looks at the risks that are emerging and shares practical steps for what to do if a company is the subject of a ransomware attack.

Mitigating the risk of an attack

Planning for an attack is an important part of the risk process. Cunningham says that not all security measures are created equal, and that companies need to understand which ones will have the most impact in the event of a ransomware attack and focus on those first.

"And in my opinion, there are four measures to do that are super effective. And in hundreds of cases, I've never seen an organization that was attacked successfully if they had these four measures in place. So, the first measure is, we got to prevent the attack. The most effective measure to prevent the attack is multifactor authentication because it prevents initial access, and it prevents the threat actor from progressing through the attack chain. The next thing we need to be able to do is detect an attack in progress and block it because we're not going to have perfect security. So, we have to understand that even with all the measures we have, we may have an attack. So, we have to have the ability to detect and block that attack."

If an enterprise is attacked, Cunningham says they must have the ability to recover, and this involves immutable backups where the data cannot be deleted. They should also test their recovery process before an actual attack so they can fix problems and understand how long the company could be out of service following an attack.

Lastly, Cunningham recommends that companies have a security risk assessment, which can identify specific risks and help prioritize which factors to focus on first based on how critical they are to the infrastructure.

Listen to the full podcast here to hear how to recover from a ransomware attack.
